Ok. I have tried 5 different antivirus programs including the “trials” of all the major virus programs. None seem to detect or find the host to this file. So i’ll try to get some help here.
First, I’m getting a popup from avg and Avast blocking win32:Malware-Gen, The processes are located in the services.exe and it keeps trying to connect to random sites. (Even while internet explorer/mozilla firefox are not up) I have tried running the boot scanner from avast. It found something once, deleted it and is now showing that my system is clean. But I am still getting the popups. I have also noticed in my program data folder when i was trying to retrieve my logs im showing locked folders (documents, desktop, application data, etc…) Don’t know if those are supposed to be that way or not.
I also found something else. I switched my folder options to see hidden files so i could find my logs. When I looked at the desktop I found two text files named desktop(on my desktop) that included this string Edit: I found about 53 more of these in a ton of folders. I deleted all of them…
Looks like you have the newest variant of the ZeroAccess Rootkit on your system.
WARNINGUnfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.
Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.
If you would like to format and reinstall your Operating System please let me know and we can assist you with that.
If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.
Download Combofix from either of the links below, and save it to your desktop. Link 1 Link 2
Note: It is important that it is saved directly to your desktop
If you get a message saying “Illegal operation attempted on a registry key that has been marked for deletion”, please restart your computer.
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
[*]Please post the C:\ComboFix.txt for further review.
P2P - I see you have P2P software Frostwire installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a “safe” P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Programs and Features.
[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:
[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
Ok, I’m at work right now. I will do it as soon as I get home. I appreciate your help thus far and apologize I can’t do it right away. I wont get off for about 4+ hours depending on business so feel free to do something else til then.
Edited: My computer is turned off battery taken out and harddrive removed for now. Don’t know if that was necessary but I did it anyways.
Ok I just did what you said above on my lunch break. As soon as it started it asked me to update combo fix. So I did. As soon as it was done it ran the scan… Then it restarted my computer. When it came back up my computer went ape shit bananas(excuse my language). I took a vid with my phone so i can upload it if need be but basically it kept opening the blue console window and closing instantly and would do it about 30times per sec. I shut down my computer and will wait to see what you say.
[*]Extract it to your desktop
[*]Double click TDSSKiller.exe
[*]when the window opens, click on Change Parameters
[*]under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
[*]click OK
[*]Press Start Scan
[*]Only if Malicious objects are found then ensure Cure is selected
[*]Then click Continue > Reboot now
[*]Attach the log in your next reply
[*]A copy of the log will be saved automatically to the root of the drive (typically C:)
I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
Please run a free online scan with the ESET Online Scanner [i]Note: You will need to use Internet Explorer for this scan[/i]
[*]Tick the box next to YES, I accept the Terms of Use
[*]Click Start
[*]When asked, allow the ActiveX control to install
[*]Click Start
[*]Make sure that the options Remove found threats is NOT selected and the option Scan unwanted applications is selected.
[*]Click Scan (This scan can take several hours, so please be patient)
[*]Once the scan is completed, you may close the window Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner[b]log.txt
[*]Copy and paste that log as a reply to this topic
In your next reply please attach the Malwarebytes and ESET logs.
